Page 101 of 2294 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. Cuando múltiples subprocesos WASM presentaban una referencia a un módulo y buscaban funciones exportadas, un subproceso WASM podría haber sobrescrito la entrada de otro en una tabla de códigos auxiliares compartida, lo que resultó en un bloqueo potencialmente explotable.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 82 • https://bugzilla.mozilla.org/show_bug.cgi?id=1666568 https://www.mozilla.org/security/advisories/mfsa2020-45 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. Cuando se hacía clic en un enlace a un protocolo externo, se presentaba un mensaje que le permitía al usuario elegir en qué aplicación lo abriera. • https://bugzilla.mozilla.org/show_bug.cgi?id=1636654 https://www.mozilla.org/security/advisories/mfsa2020-45 • CWE-346: Origin Validation Error •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. Los desarrolladores de Mozilla informaron bugs de seguridad de la memoria presentes en Firefox versión 81. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1653764%2C1661402%2C1662259%2C1664257 https://www.mozilla.org/security/advisories/mfsa2020-45 • CWE-416: Use After Free •

CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 81 y Firefox ESR versión 78.3.&#xa0;Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1576843%2C1656987%2C1660954%2C1662760%2C1663439%2C1666140 https://lists.debian.org/debian-lts-announce/2020/10/msg00027.html https://security.gentoo.org/glsa/202010 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=1643199 https://www.mozilla.org/security/advisories/mfsa2020-36 https://www.mozilla.org/security/advisories/mfsa2020-37 https://www.mozilla.org/security/advisories/mfsa2020-38 https://www.mozilla.org/security/advisories/mfsa2020-40 https://www.mozilla.org/security/advisories/mfsa2020-41 • CWE-427: Uncontrolled Search Path Element •